Internet Assigned Numbers Authority

CBOR Web Token (CWT) Claims

Last Updated
Available Formats



Plain text

Registries included below

CBOR Web Token (CWT) Claims

Mike Jones, Hannes Tschofenig, Ludwig Seitz
Registration requests should be sent to the mailing list described in 
[RFC8392]. If approved, designated experts should notify IANA within 
three weeks. For assistance, please contact
Available Formats

Range Registration Procedures
Integer values from -256 to 255 Standards Action
Integer values from -65536 to -257 Specification Required
Integer values from 256 to 65535 Specification Required
Integer values greater than 65535 Expert Review
Strings of length 1 Standards Action
Strings of length 2 Specification Required
Strings of length greater than 2 Expert Review
Claim Name Claim Description JWT Claim Name Claim Key Claim Value Type Change Controller Reference
Reserved for Private Use less than -65536 [RFC8392]
Unassigned -65536 to -261
hcert Health Certificate hcert -260 map [European_eHealth_Network] [Electronic Health Certificate Specification]
EUPHNonce Challenge Nonce EUPHNonce -259 bstr [FIDO_Alliance] [FIDO Device Onboard Specification]
EATMAROEPrefix Signing prefix for multi-app restricted operating environments EATMAROEPrefix -258 bstr [FIDO_Alliance] [FIDO Device Onboard Specification]
EAT-FDO EAT-FDO may contain related to FIDO Device Onboarding EAT-FDO -257 array [FIDO_Alliance] [FIDO Device Onboard Specification]
Unassigned -256 to -1
Reserved This registration reserves the key value 0 0 [IESG] [RFC8392]
iss Issuer iss 1 text string [IESG] [RFC8392]
sub Subject sub 2 text string [IESG] [RFC8392]
aud Audience aud 3 text string [IESG] [RFC8392]
exp Expiration Time exp 4 integer or floating-point number [IESG] [RFC8392]
nbf Not Before nbf 5 integer or floating-point number [IESG] [RFC8392]
iat Issued At iat 6 integer or floating-point number [IESG] [RFC8392]
cti CWT ID jti 7 byte string [IESG] [RFC8392]
cnf Confirmation cnf 8 map [IESG] [RFC8747]
scope The scope of an access token, as defined in [RFC6749]. scope 9 byte string or text string [IESG] [RFC8693, Section 4.2]
Nonce Nonce eat_nonce 10 bstr or array [IETF] [OpenID Connect Core 1.0][RFC-ietf-rats-eat-25]
Unassigned 11 to 37
ace_profile The ACE profile a token is supposed to be used with. ace_profile 38 integer [IETF] [RFC9200, Section 5.10]
cnonce The client-nonce sent to the AS by the RS via the client. cnonce 39 byte string [IETF] [RFC9200, Section 5.10]
exi The expiration time of a token measured from when it was received at the RS in seconds. exi 40 unsigned integer [IETF] [RFC9200, Section 5.10.3]
Unassigned 41 to 168
identity-data Registering the claim for storing identity data of a person, which could be personally identifiable data (PII) mostly used in Foundational/National ID for cross-border interoperability. identity-data 169 map [MOSIP] [CBOR Identity Data in QR Code, Section 3][CBOR Identity Data in QR Code, Section 4]
Unassigned 170 to 255
UEID The Universal Entity ID ueid 256 bstr [IETF] [RFC-ietf-rats-eat-25]
SUEIDs Semi-permanent UEIDs sueids 257 map [IETF] [RFC-ietf-rats-eat-25]
Hardware OEM ID Hardware OEM ID oemid 258 bstr or int [IETF] [RFC-ietf-rats-eat-25]
Hardware Model Model identifier for hardware hwmodel 259 bstr [IETF] [RFC-ietf-rats-eat-25]
Hardware Version Hardware Version Identifier hwversion 260 array [IETF] [RFC-ietf-rats-eat-25]
Uptime Uptime uptime 261 uint [IETF] [RFC-ietf-rats-eat-25]
OEM Authorized Boot Indicates whether the software booted was OEM authorized oemboot 262 bool [IETF] [RFC-ietf-rats-eat-25]
Debug Status Indicates status of debug facilities dbgstat 263 uint [IETF] [RFC-ietf-rats-eat-25]
Location The geographic location location 264 map [IETF] [RFC-ietf-rats-eat-25]
EAT Profile Indicates the EAT profile followed eat_profile 265 uri or oid [IETF] [RFC-ietf-rats-eat-25]
Submodules Section The section containing submodules submods 266 map [IETF] [RFC-ietf-rats-eat-25]
Boot Count The number times the entity or submodule has been booted bootcount 267 uint [IETF] [RFC-ietf-rats-eat-25]
Boot Seed Identifies a boot cycle bootseed 268 bstr [IETF] [RFC-ietf-rats-eat-25]
DLOAs Certifications received as Digital Letters of Approval dloas 269 array [IETF] [RFC-ietf-rats-eat-25]
Software Name The name of the software running in the entity swname 270 tstr [IETF] [RFC-ietf-rats-eat-25]
Software Version The version of software running in the entity swversion 271 array [IETF] [RFC-ietf-rats-eat-25]
Software Manifests Manifests describing the software installed on the entity manifests 272 array [IETF] [RFC-ietf-rats-eat-25]
Measurements Measurements of the software, memory configuration and such on the entity measurements 273 array [IETF] [RFC-ietf-rats-eat-25]
Software Measurement Results The results of comparing software measurements to reference values measres 274 array [IETF] [RFC-ietf-rats-eat-25]
Intended Use Indicates intended use of the EAT intuse 275 uint [IETF] [RFC-ietf-rats-eat-25]
Unassigned 276 to 281
geohash Geohash String geohash 282 text string or array [Consumer_Technology_Association] [Fast and Readable Geographical Hashing (CTA-5009)]
Unassigned 283 to 299
wmver The version of the WM Token wmver 300 unsigned integer [DASH-IF] [ETSI TS 104 002 V1.1.1]
wmvnd The WM technology vendor wmvnd 301 unsigned integer [DASH-IF] [ETSI TS 104 002 V1.1.1]
wmpatlen The length in bits of the WM pattern wmpatlen 302 unsigned integer [DASH-IF] [ETSI TS 104 002 V1.1.1]
wmsegduration The nominal duration of a segment wmsegduration 303 map [DASH-IF] [ETSI TS 104 002 V1.1.1]
wmpattern The WM pattern wmpattern 304 COSE_Encrypt0 or COSE_Encrypt or byte string [DASH-IF] [ETSI TS 104 002 V1.1.1]
wmid Used as input to derive the WM pattern for indirect mode wmid 305 text string [DASH-IF] [ETSI TS 104 002 V1.1.1]
wmopid Used as additional input to derive the WM pattern for indirect mode wmopid 306 unsigned integer [DASH-IF] [ETSI TS 104 002 V1.1.1]
wmkeyver The key to use for derivation of the WM pattern in indirect mode wmkeyver 307 unsigned integer [DASH-IF] [ETSI TS 104 002 V1.1.1]
Unassigned 308 to 2393
psa-client-id PSA Client ID N/A 2394 signed integer [Hannes_Tschofenig] [draft-tschofenig-rats-psa-token-09]
psa-security-lifecycle PSA Security Lifecycle N/A 2395 unsigned integer [Hannes_Tschofenig] [draft-tschofenig-rats-psa-token-09]
psa-implementation-id PSA Implementation ID N/A 2396 byte string [Hannes_Tschofenig] [draft-tschofenig-rats-psa-token-09]
psa-boot-seed PSA Boot Seed N/A 2397 byte string [Hannes_Tschofenig] [draft-tschofenig-rats-psa-token-09]
psa-certification-reference PSA Certification Reference N/A 2398 text string [Hannes_Tschofenig] [draft-tschofenig-rats-psa-token-09]
psa-software-components PSA Software Components N/A 2399 array [Hannes_Tschofenig] [draft-tschofenig-rats-psa-token-09]
psa-verification-service-indicator PSA Verification Service Indicator N/A 2400 text string [Hannes_Tschofenig] [draft-tschofenig-rats-psa-token-09]
Unassigned 2401 to 65535

CWT Confirmation Methods

Registration Procedure(s)
Specification Required
Ludwig Seitz, Mike Jones
Registration requests should be sent to the mailing list described in 
[RFC8747]. If approved, designated experts should notify IANA within 
three weeks. For assistance, please contact
Available Formats

Confirmation Method Name Confirmation Method Description JWT Confirmation Method Name Confirmation Key Confirmation Value Type Change Controller Reference
COSE_Key COSE_Key Representing Public Key jwk 1 COSE_Key structure [IESG] [RFC8747, Section 3.2]
Encrypted_COSE_Key Encrypted COSE_Key jwe 2 COSE_Encrypt or COSE_Encrypt0 structure (with an optional corresponding COSE_Encrypt or COSE_Encrypt0 tag) [IESG] [RFC8747, Section 3.3]
kid Key Identifier kid 3 binary string [IESG] [RFC8747, Section 3.4]
osc OSCORE_Input_Material carrying the parameters for using OSCORE per-message security with implicit key confirmation osc 4 map [IETF] [RFC9203, Section 3.2.1]

Contact Information

ID Name Contact URI Last Updated
[Consumer_Technology_Association] Consumer Technology Association mailto:standards& 2024-02-21
[DASH-IF] DASH Industry Forum 2023-03-01
[European_eHealth_Network] European eHealth Network mailto:jakob& 2021-04-15
[FIDO_Alliance] FIDO Alliance mailto:iana-request& 2021-03-05
[Hannes_Tschofenig] Hannes Tschofenig mailto:hannes.tschofenig& 2022-07-27
[IESG] IESG mailto:iesg&
[IETF] IETF mailto:iesg&
[MOSIP] MOSIP mailto:resham& 2024-05-15